Without limiting the scope of the invention, its background is described in connection with IEEE standards 1149.1 and 1687.
Over the last decade there has been a proliferation in the number and type of on-chip embedded instruments, keys, and data. Some examples include memory and logic built-in self-test controllers (MBIST and LBIST), trace buffers, temperature and delay sensors, voltage and frequency domain controllers, and I/O configuration hardware. They are valuable tools during test, debug, and diagnosis, as well as when portions of the chip (such as the SERDES I/O) need to be configured.
Design for Testability (“DFT”) hardware, especially scan chains, is a well-known avenue for attackers to gain unauthorized access to internal chip infrastructure. In the case of Joint Test Action Group (“JTAG”) ports in typical IEEE 1149.1 scan architectures, this often involves an attacker shifting undocumented instruction encodings into the chain and looking at the chip response. Scan chains may also be harnessed by unauthorized users to capture and read out internal circuit states and break encryption hardware (e.g. [2]-[4]). Thus, some chip providers fuse off the JTAG port after test and before the chip is shipped. Unfortunately, the port can then no longer be used for debug, configuration, or diagnosis.
Many researchers have proposed other methods of protecting the JTAG port and scan chains from attack. Some methods use challenge-response pairs along with hashes or encryption algorithms (e.g. [5]-[8]). Others reorder the scan chain if the first k bits shifted in don't correspond to a pre-chosen key (e.g. [9], [10]). Other methods disguise chain data by changing it with inversions or XORs [11]-[13]. [14] aims to protect a scan chain by requiring several keys to be scanned into the chain over several cycles during a test initialization phase. The authors of [15] investigated the effect that on-chip DFT hardware, such as response compaction, X-masking, etc., could have on the information made available to an attacker and the need for countermeasures. Finally, [16] proposes an open circuit deadlock (“OCD”) cell that inserts an open into the scan chain if a SecureRST signal has not been asserted by key checker function hardware.
The IEEE standard 1687 was created to enable efficient access to this hidden content (e.g., embedded instruments, data, keys, etc.) by allowing the scan chain that accesses hidden content to be dynamically reconfigured by opening new chain segments. Unlike IEEE 1149.1, which is instruction-based, this dynamic reconfiguration is controlled by the data shifted through the scan network. For example, FIG. 1 shows a block diagram of a generalized JTAG and IEEE 1687 architecture 100 to access hidden content. The test access port (“TAP”) controller 102 receives a test data input (“TDI”) signal 104, a test mode select (“TMS”) signal 106, a test clock (“TCK”) signal 108, and provides a test data output (“TDO”) signal 110 (collectively referred to as TAP signals 112). The TAP controller 102 accesses scan cell circuit(s) 114 that provide access to the Test Data Register(s) (TDR) 116 of the hidden content(s) 118.
Although IEEE 1687 supports multiple hardware architectures (i.e., scan cell circuits) through its description language, the network reconfiguration is often controlled by segment insertion bits (SIBs) that allow additional areas of the scan network to be accessed when the correct value is clocked into the SIB's Update cell. For example, FIG. 2 shows a prior art SIB circuit as shown and described in U.S. Pat. No. 8,881,301 (FIG. 5).
Although companies may not object to end users accessing some types of instruments, access to others, such as sensors, trace buffers, scan-dump, and configuration hardware, may be a threat to on-chip IP or safety. Information such as chip IDs and encryption keys should also be made inaccessible to attackers. Alternative methods of protecting instruments in an IEEE 1687 network from unauthorized access are needed.
Often, an attacker with no specific knowledge of the network will scan random data or specific patterns (e.g. walking a one) through it, and will observe the effect on circuit behavior and data captured in the scan cells. In an unprotected IEEE 1687 network, this strategy will allow the attacker to quickly open all SIBs and map the network architecture, obtaining access to all embedded instruments attached to the network.
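The SIB behaviour described above can be made concrete with a small model. This is an added example, not taken from the patent or from the IEEE 1687 standard: the class names, instrument names and register widths are constructed, and shift order is abstracted so that bit i of a scan vector lands in cell i of the active path. It shows the active scan path growing each time a 1 reaches a SIB's Update cell, which is why an unprotected network offers no resistance to being fully opened.

```python
class TDR:
    """Test Data Register of an embedded instrument (constructed model)."""
    def __init__(self, name, width):
        self.name, self.bits = name, [0] * width

class SIB:
    """Segment insertion bit: one scan cell plus an Update cell."""
    def __init__(self, name, children):
        self.name, self.children = name, children
        self.shift = 0    # cell that sits on the scan chain
        self.update = 0   # 1 = child segment is inserted into the chain

def active_cells(segment):
    """Slots on the currently active scan path, as (node, bit index or None)."""
    cells = []
    for node in segment:
        if isinstance(node, TDR):
            cells += [(node, i) for i in range(len(node.bits))]
        else:
            if node.update:                 # open SIB exposes its segment
                cells += active_cells(node.children)
            cells.append((node, None))      # the SIB's own scan cell
    return cells

def scan(network, vector):
    """One shift/update cycle; returns the bits that were shifted out."""
    cells = active_cells(network)
    assert len(vector) == len(cells), "vector must match active path length"
    out = []
    for (node, i), bit in zip(cells, vector):
        if i is None:
            out.append(node.shift); node.shift = bit
        else:
            out.append(node.bits[i]); node.bits[i] = bit
    for node, i in cells:                   # Update: only SIBs on the path latch
        if i is None:
            node.update = node.shift
    return out

def path_growth(network):
    """Active path length after each all-ones scan, until it stops growing."""
    lengths = [len(active_cells(network))]
    while True:
        scan(network, [1] * lengths[-1])
        n = len(active_cells(network))
        if n == lengths[-1]:
            return lengths
        lengths.append(n)

def build_demo():
    # Constructed two-level network; names and widths are illustrative only.
    inner = SIB("sib_inner", [TDR("trace_buf", 8)])
    return [SIB("sib_top", [TDR("temp_sensor", 4), inner])]
```

In this model the number of scans needed to expose every instrument equals the nesting depth of the SIBs, independent of what the instruments are.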
Accordingly, there is a need to provide better protection of hidden content in integrated circuits from unauthorized access.